OAuth via Reddit app ID only returns 401
Image: 127810e9b744 2 weeks ago
Environment variables used:
- REDIS_HOST=redis
- DOMAIN=teddit.sethforprivacy.com
- THEME=dark
- USE_HELMET=true
- USE_HELMET_HSTS=true
- TRUST_PROXY=true
- HTTPS_ENABLED=false
- REDIRECT_HTTP_TO_HTTPS=false
- REDIRECT_WWW=false
- USE_REDDIT_OAUTH=true
- "REDDIT_APP_ID=example-app_id"
Up until a few days ago, my instance has been working with quite high usage using an installed app ID under my own Reddit account. Unfortunately, something seems to have changed and caused all app ID OAuth to stop working, even after creating two more app IDs and trying those.
My instance now only works with OAuth disabled.
Anything else I can try here? Seems likely this is a change on the Reddit side, possibly to try and block Teddit access widely.
I did experience this as well, and I disabled OAuth on teddit.net because of this.
I have no idea why this is happening. I tried searching discussions and documentation etc. and didn't find anything that would explain this. Nothing should have been changed on the Reddit API.
Instances should not use OAuth for now. The only feature which won't work without OAuth is loading more comments via the "load more comments (x)" button at the bottom of posts (which have more than 500-1000 comments or so).
Ah, thanks, wasn't sure if #259 was related or not after reading through it as it was just focused on subreddits.
I'll keep an eye out for updates then and fall back from OAuth -- that has "fixed" the issue for now, of course, but would like to use my own app ID again once working.
I'll see if I can dig up anything as well if/when I get time on what has changed here.
I'm not sure if this is related at all, but I noticed that teddit.net has been super slow again today. I decided to ssh in to the server and watch netstat for a moment. I noticed that there is a huge amount of requests from certain IP ranges, like:
And this 17.121.* block seems to belong to Apple, and the addresses mentioned above belong to their crawler bot called Applebot.
I decided to add this bot to the robots.txt and disallow it
On teddit.net I also decided to drop all requests coming from 17.121.* with iptables. Immediately after this teddit.net is running normally again.
I don't know how this would be related to the OAuth 401 issue, but I wouldn't be surprised if certain clients (or app IDs belonging to a certain username) which are spamming the Reddit API too much would've got banned.
One thing which would be nice to test is to create a brand new Reddit account, then create a new app, and use that app's ID with teddit OAuth and see if it also gets 401.
EDIT: Tested it now, gets 401s with OAuth. So this Applebot thing seems to not be related to this issue...
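The netstat check described in the comment above can be made repeatable by counting established connections per remote /16 prefix. This is an added example, not part of the original thread or of teddit; the function names, the sample addresses and the threshold are assumptions.

```shell
#!/bin/sh
# Summarise established TCP connections by remote /16 prefix, busiest first.
# Reads `netstat -tn` style output on stdin (field 5 = foreign address,
# field 6 = state). IPv4 only: IPv6 foreign addresses are skipped.
top_prefixes() {
  awk '$6 == "ESTABLISHED" {
         split($5, hostport, ":")            # "17.121.112.10:51514" -> host
         n = split(hostport[1], octet, ".")
         if (n == 4) count[octet[1] "." octet[2]]++
       }
       END { for (p in count) print count[p], p ".0.0/16" }' |
    sort -k1,1nr -k2,2
}

# Print only the prefixes holding at least $1 connections.
# The threshold is an assumption; tune it to the instance's normal traffic.
noisy_prefixes() {
  top_prefixes | awk -v min="$1" '$1 >= min { print $2 }'
}

# Constructed sample input. On a live host: netstat -tn | top_prefixes
sample_netstat() {
  cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 203.0.113.5:443         17.121.112.10:51514     ESTABLISHED
tcp        0      0 203.0.113.5:443         17.121.112.11:40022     ESTABLISHED
tcp        0      0 203.0.113.5:443         17.121.113.20:38110     ESTABLISHED
tcp        0      0 203.0.113.5:443         17.121.114.7:45901      ESTABLISHED
tcp        0      0 203.0.113.5:443         17.121.115.9:47733      TIME_WAIT
tcp        0      0 203.0.113.5:443         192.0.2.44:52011        ESTABLISHED
tcp        0      0 203.0.113.5:443         192.0.2.45:52012        ESTABLISHED
tcp        0      0 203.0.113.5:443         198.51.100.23:33456     ESTABLISHED
EOF
}

sample_netstat | top_prefixes
```

Confirm who owns a prefix (for example with whois) before dropping it, as the comment does for the Apple range.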